Config.in.php..è completo login.php è questo:
<?
session_start();
$str_errore='';
include ('include/config.inc.php');
if(strtoupper($_SERVER['REQUEST_METHOD'])=='POST'){
$username=$_POST['user'];
$pass=$_POST['pass'];
if(eregi('^[a-z0-9]{2,100}$',$username) && eregi('^[a-z0-9]{2,100}$',$pass)){
$sql="SELECT admin_id FROM admin WHERE admin_user='".$username."' AND admin_pass='".$pass."' ";
//echo $sql;
$dati=mysql_query($sql,$miaconn);
if(mysql_num_rows($dati)>0){
//********************** login ok
$array=mysql_fetch_array($dati);
$_SESSION['admin_id']=$array["admin_id"];
//$_SESSION['admin_user']=$array["admin_user"];
//echo $_SESSION['uteid'].'
';
//echo session_id();
//echo'<a href="admin.php">';
header("location: admin.php");
exit();
}
else{
//***************login fallito
$str_errore='errore in fase di login 1';
}
}
else{$str_errore='errore in fase di login 2';}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<body>
<? echo $str_errore; ?>
<form name="info" action="login.php" method="post">
<fieldset>
<legend>Login</legend>
<label>User</label>
<input type="text" name="user" />
<label>Password</label>
<input type="text" name="pass" />
<input type="submit" />
</fieldset>
</form>
</body>
</html>
Rispondi quotando